httplib2 - issue #4

SSL certificate verification


Posted on Jul 31, 2007 by Massive Hippo

I'd love to see httplib2 do SSL certificate verification (as libcurl does).

Comment #1

Posted on Jul 1, 2008 by Swift Elephant

The standard socket.ssl just provides server() and issuer() functions. We can't get the server certificate. I just had a look at M2Crypto.httpslib.HTTPSConnection, which mainly rewrites the connect method using its own SSL object. Maybe it's not too difficult?

Comment #2

Posted on Jul 2, 2008 by Swift Elephant

The following patch integrates M2Crypto.SSL with httplib2. It's a proof of concept and not exhaustively tested.

Attachments

Comment #3

Posted on Jul 3, 2008 by Swift Elephant

There seems to be a problem with M2Crypto and timeouts, documented here: https://bugzilla.osafoundation.org/show_bug.cgi?id=2341

We'll have a look at python-pyopenssl.

Comment #4

Posted on Oct 27, 2008 by Helpful Rhino

What about using the new ssl module from 2.6? It's available for older versions as well.

Comment #5

Posted on Nov 10, 2008 by Swift Elephant

Yes, this would be great. We're still using python 2.5. We actually use pycurl, because of some issues with timeouts in ssl connection under m2crypto and python-openssl. I hope that python 2.6 will resolve the issue.

Comment #6

Posted on Sep 29, 2010 by Grumpy Rabbit

Is this issue still valid? On python > 2.5 ... the Http class will use HTTPSConnectionWithTimeout if the scheme is https :)

Comment #7

Posted on Sep 29, 2010 by Massive Hippo

Issue 116 has been merged into this issue.

Comment #8

Posted on May 13, 2011 by Happy Horse

Hi, attached is a patch for the python2 version that adds basic certificate verification. It will first attempt to use the ssl module (python >2.6, or if you've installed ssl 1.15 for python >2.3). If that fails then it will try to use M2Crypto, finally falling back on socket.ssl but without cert verification.

The only change to the interface is the addition of a set_ca_file(ca_file) method which tells httplib2 to do cert verification using the provided CA file in PEM format.

This has only been tested using python 2.6 on Ubuntu, and python 2.4.3 with both M2Crypto and python-ssl on RHEL 5 / CentOS 5.

This patch also contains a fix for issue 62 (sorry for mixing issues) and some file checks when adding certs because I found I was getting misleading error messages when giving wrong filenames by accident.

Attachments
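
As an added illustration of the CA-file verification described in comment #8 (not the attached patch and not httplib2's code): with the standard ssl module on Python 3, load a PEM CA file with an up-front file check and keep the connection fail-closed, with no unverified fallback. The function names are hypothetical.

```python
import os
import socket
import ssl


def build_verifying_context(ca_file):
    """Return a client SSLContext that trusts only the CAs in ca_file (PEM)."""
    # Check the path first so a mistyped filename gives a clear error
    # instead of an opaque SSL library message.
    if not os.path.isfile(ca_file):
        raise FileNotFoundError("CA file not found: %r" % ca_file)
    # PROTOCOL_TLS_CLIENT defaults to CERT_REQUIRED with hostname checking on.
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    try:
        ctx.load_verify_locations(cafile=ca_file)
    except OSError as exc:  # ssl.SSLError is a subclass of OSError
        raise ValueError("cannot load CA certificates from %r: %s" % (ca_file, exc))
    return ctx


def is_fail_closed(ctx):
    """True only if the context rejects unverified or mismatched certificates."""
    return ctx.verify_mode == ssl.CERT_REQUIRED and ctx.check_hostname


def fetch_peer_subject(host, port, ca_file, timeout=10.0):
    """Connect with a timeout, verify chain and hostname, return the subject."""
    ctx = build_verifying_context(ca_file)
    with socket.create_connection((host, port), timeout=timeout) as raw:
        # wrap_socket raises ssl.SSLCertVerificationError on a bad chain or
        # name; there is deliberately no unverified fallback path here.
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            return tls.getpeercert()["subject"]
```
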

Comment #9

Posted on Jun 13, 2011 by Massive Hippo

Certification validation has been added.

Status: Fixed

Labels:
Type-Enhancement Priority-Medium